Technical Detail

Castle is broadly similar to Signal Protocol, which is an open standard that has seen heavy scrutiny and is considered to be highly secure. Details of Signal Protocol can be found here. The differences in Castle are as follows:

Public Key Authentication

Signal

Signal is unauthenticated by default, relying on users to meet in person and scan each other's QR codes. This is not a one-time process: it must be repeated every time you or your chat partner activates a new client or device.

Cyph

Cyph Accounts: Upon signup, a long-lived key pair is generated and authenticated via a one-time AGSE-PKI certificate issuance. This provides always-on authentication for that user seamlessly and indefinitely.

Cyph Burner: The cyph link's URL fragment carries a shared secret that is used during the handshake to provide authenticity. This is less secure than Cyph Accounts for repeat conversations over time, but it is safe from man-in-the-middle attacks as long as an attacker cannot compromise both the Cyph servers and the channel used to transmit the link within the window of time before the link is opened.
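To make the Cyph Burner threat model concrete, here is an added illustration (not Castle's own code) of why a secret carried in the URL fragment can authenticate a handshake. The link, the fragment value, and the "public keys" (random bytes standing in for real ephemeral DH keys) are all constructed for the demo; the transcript label and function names are assumptions.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed demo link; everything after '#' is the shared secret in the fragment.
DEMO_LINK = "https://burner.example/abc123#k7Qz9pLmN2vX4rT8"

def server_visible_url(link: str) -> str:
    """Browsers never send the fragment in an HTTP request, so this is all the server sees."""
    return urlsplit(link)._replace(fragment="").geturl()

def fragment_secret(link: str) -> bytes:
    """The shared secret both endpoints learn from the link itself, out of band."""
    return urlsplit(link).fragment.encode()

def auth_tag(secret: bytes, sender_pub: bytes, receiver_pub: bytes) -> bytes:
    """MAC over the handshake transcript, keyed by the fragment secret (assumed scheme)."""
    transcript = b"demo-handshake-v1|" + sender_pub + b"|" + receiver_pub
    return hmac.new(secret, transcript, hashlib.sha256).digest()

def run_handshake(link: str, relay_tampers: bool = False, relay_knows_secret: bool = False) -> bool:
    """Return True if the responder (Bob) accepts the initiator's (Alice's) ephemeral key."""
    alice_pub = secrets.token_bytes(32)   # stand-in for Alice's ephemeral public key
    bob_pub = secrets.token_bytes(32)     # stand-in for Bob's ephemeral public key
    secret = fragment_secret(link)

    # Alice authenticates her key by binding both keys to the link secret.
    sent_pub, sent_tag = alice_pub, auth_tag(secret, alice_pub, bob_pub)

    if relay_tampers:
        # A hostile relay (e.g. a compromised server) swaps in its own key. It can only
        # produce a valid tag if it also captured the fragment from the link channel;
        # the server-visible URL alone yields an empty secret.
        relay_pub = secrets.token_bytes(32)
        relay_secret = secret if relay_knows_secret else fragment_secret(server_visible_url(link))
        sent_pub, sent_tag = relay_pub, auth_tag(relay_secret, relay_pub, bob_pub)

    # Bob recomputes the tag with the secret from his own copy of the link.
    expected = auth_tag(secret, sent_pub, bob_pub)
    return hmac.compare_digest(expected, sent_tag)
```

The tampering case only succeeds when the relay also holds the fragment secret, which is the "both the servers and the link channel" condition stated above.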

Quantum Computing Resistance

Signal

Signal Protocol presently offers no mitigation for quantum computing.

Castle

Castle integrates several proposed “post-quantum” cryptographic primitives. Post-quantum cryptography has been a very active area of research in recent decades, with much uncertainty as to which schemes will hold up against future cryptanalysis. By relying on more than one of these algorithms, Castle hedges its bets: it maximizes its chances of long-term success as long as at least one of them stands the test of time.

Cyph Accounts: All message history is by default encrypted with the user’s key and synced to cloud storage, making forward secrecy impossible. However, ephemeral “burner” chats are also supported from Cyph Accounts.